From: Eric Curtin <ericcurtin17@gmail.com>
Date: Mon, 3 Sep 2018 14:23:37 +0000 (+0100)
Subject: New openssl subject parser hard to debug
X-Git-Tag: OpenSSL_1_1_1~44
X-Git-Url: https://git.openssl.org/?a=commitdiff_plain;h=2167640b0bf76ec50a397dd90444b97c242e3f04;hp=64ed55ab033f1bfa795d46f0ecc61c313204b418;p=openssl.git

New openssl subject parser hard to debug

-subj 'subject=C = US, ST = A, L = root, O = Hewlett Packard Enterprise Company, OU = Remote Device Access, CN = Hewlett Packard Enterprise Remote Device Access Test Local CA, emailAddress = rda@hpe.com'
was a valid subject in openssl 1.0. Error received in 1.1 is:

problems making Certificate Request

Not very informative, I only figured this out because I compiled the
code and added logging.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7098)
---

diff --git a/apps/apps.c b/apps/apps.c
index 4090e605e5..9be656054a 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -1768,8 +1768,14 @@ X509_NAME *parse_name(const char *cp, long chtype, int canmulti)
     char *work;
     X509_NAME *n;
 
-    if (*cp++ != '/')
+    if (*cp++ != '/') {
+        BIO_printf(bio_err,
+                   "name is expected to be in the format "
+                   "/type0=value0/type1=value1/type2=... where characters may "
+                   "be escaped by \\. This name is not in that format: '%s'\n",
+                   --cp);
         return NULL;
+    }
 
     n = X509_NAME_new();
     if (n == NULL)